Messages - Simon Matthews

16
Installation and Upgrades / Re: Squid and Dansguardian problem
« on: December 03, 2008, 11:17:18 am »
No, it's not transparent.
I may have problems having internal and external on the same subnet* (it's just for testing) but that isn't what is causing the following problem... well from what I know so far.
I will be changing the internal and external IPs tomorrow. I will see how it turns out and if it resolves the problem.
Thanks heaps Javi

P.S. My I.T. background is mostly networking

17
Installation and Upgrades / Re: Squid and Dansguardian problem
« on: December 02, 2008, 09:42:29 am »
Bump...

Really need to get this sorted.

Any help at all would be greatly appreciated

18
Installation and Upgrades / Re: Updating DNS with DHCP
« on: December 02, 2008, 09:41:02 am »
So you just want to set DNS with DHCP from the modem? Is the modem doing DHCP? Because in that case all you need to do is put the right DNS in the DHCP setup on the modem.

19
Installation and Upgrades / Re: Squid and Dansguardian problem
« on: December 02, 2008, 05:29:03 am »
Now I have found that Objects don't work either because when an Object is set to Allow All when everything else is set to Filter it adds another rule as shown:

Chain premodules (1 references)
target     prot opt source               destination
RETURN     tcp  --  10.1.1.2             192.168.1.102       tcp dpt:3128
REDIRECT   tcp  --  anywhere             192.168.1.102       tcp dpt:3128 redir ports 3129

When I removed both of these rules and readded them manually it all worked fine.

Why is this failing when they are autoadded by ebox?

20
Installation and Upgrades / Re: Squid and Dansguardian problem
« on: December 02, 2008, 04:46:12 am »
This is what I did after fixing that iptables setting.

Set up an Object for a particular IP. I then added an Object Policy in Proxy to allow all on that object. I was then able to get to blocked pages. I then set it to Deny All and I was confronted with the Access denied page. I then removed the Object Policy for the object and I was still completely blocked.
This is where I put in the previous iptables command and it started to work again no problems. Is this a bug in ebox? Has anyone else experienced this?

21
Installation and Upgrades / Re: Squid and Dansguardian problem
« on: December 02, 2008, 04:31:25 am »
It seems that the problem may actually be with:
Chain premodules (1 references)
target     prot opt source               destination
REDIRECT   tcp  --  anywhere             192.168.1.102       tcp dpt:3128 redir ports 3129

I was testing a bit more and then lost connection once using filtering again. I couldn't get it to work until I did:
iptables -t nat -A premodules -p tcp -m tcp -d 192.168.1.102 --dport 3128 -j REDIRECT --to-ports 3129

22
Installation and Upgrades / Re: Squid and Dansguardian problem
« on: December 02, 2008, 03:08:02 am »
I have figured out what my problems were. I am pretty sure it is just because in testing I have both internal and external on the same network.
Internal is 192.168.1.101
External is 192.168.1.102
This is just for testing purposes to make sure it all worked before putting it in the way of the network. I will be changing the external IP to 192.168.0.1 and Internal to 192.168.1.1.

What I did to get this working was put the proxyip setting in dansguardian.conf to the ip of the internal NIC rather than localhost. I also had to set the acl localhosts to 192.168.1.102 in squid.conf.

What I am now wondering is when I change the NIC IP's as stated above... will setting these files back to localhost cause any problems?

Cheers

Turns out this doesn't actually seem to be the problem or fix

23
Installation and Upgrades / [SOLVED] Squid and Dansguardian problem
« on: December 02, 2008, 01:59:55 am »
Hey,
The problem so far:
Unable to use proxy at all unless I create a rule in the firewall section; "Filtering rules from external networks to eBox" that allows all source ports to be allowed through the squid port (3128).
Unable to use Proxy with filtering on. It doesn't get to dansguardian, it always comes up with the page "ERROR: The requested URL could not be retrieved"
If I put the dansguardian port into my proxy settings I can't get anywhere.

Here is some of my iptables config:
iptables -L
Chain iexternal (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere
ACCEPT     udp  --  anywhere             anywhere            udp dpt:3129 state NEW
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:3129 state NEW
ACCEPT     udp  --  anywhere             anywhere            udp dpt:3128 state NEW
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:3128 state NEW

Chain imodules (1 references)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             anywhere            udp dpt:route
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:3129
DROP       tcp  --  anywhere             anywhere            state NEW tcp dpt:3128

iptables -L -t nat

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
premodules  all  --  anywhere             anywhere

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
postmodules  all  --  anywhere             anywhere
SNAT       all  -- !192.168.1.101        anywhere            to:192.168.1.101

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain postmodules (1 references)
target     prot opt source               destination
MASQUERADE  all  --  10.1.1.0/24          anywhere

Chain premodules (1 references)
target     prot opt source               destination
REDIRECT   tcp  --  anywhere             192.168.1.102       tcp dpt:3128 redir ports 3129

This is set up as a non-transparent proxy on default port and filter on default port. The default proxy setting is to filter.

Cheers for the help

24
Installation and Upgrades / Re: need help firewall and Squid
« on: December 01, 2008, 05:51:43 am »
Hey poundjd,
You should be able to do this by putting the ebox in the way of the LAN and the modem. You will need 2 network cards in the server.
I'm pretty sure ebox doesn't have an option for setting up filters depending on time. Although you could set it up manually.
You could set it so only your kids' computers would have filtered internet by using static IPs on all computers. You can then put the IPs of your PCs in an unrestricted object.

25
Installation and Upgrades / Re: Email and LDAP
« on: December 01, 2008, 05:26:01 am »
Can you give any more information about your problem?

26
Installation and Upgrades / Re: Updating DNS with DHCP
« on: December 01, 2008, 05:24:43 am »
Probably be good to test it on a non-production server first.

28
pdbedit -u <username> -v

User SID:  S-1-5-21-3818554400-921237426-3143208535-****
Primary Group SID:  S-1-5-21-3818554400-921237426-3143208535-****

Make sure all the numbers for User and Primary Group SID are the same except the ones after the last hyphen.

29
Installation and Upgrades / Re: Firewall blocking Road Warriors
« on: November 26, 2008, 01:52:27 am »
I was unable to map the network drives of local computers without adding that rule... not the shares on the ebox. I could ping all the computers within the network but I couldn't get to their shares. Once the allow all rule was added I was able to.
Also, the ebox is behind a router with a firewall and only the openVPN port is forwarded to ebox.

30
Installation and Upgrades / Firewall blocking Road Warriors
« on: November 19, 2008, 04:59:03 am »
I was just wondering if the Firewall blocks access to most internal ports from remote VPN users.
I was attempting to Remote Desktop to a PC on the internal network remotely but was unable to do so. I also found that I was unable to map network drives.
I changed the firewall's "Filtering rules from external networks to internal networks" by adding an allow all rule. This fixed the problem... why is the VPN considered as being an external network?
